Wireshark网络抓包实践
1. 網(wǎng)絡(luò)抓包相關(guān)閱讀
- 抓包工具Wireshark基本介紹和學(xué)習(xí)TCP三次握手
- Wireshark網(wǎng)絡(luò)抓包實踐
- HTTP代理神器Fidder
2. Wireshark
世界上最流行的網(wǎng)絡(luò)協(xié)議分析器,抓包工具Wireshark基本介紹和學(xué)習(xí)TCP三次握手
通過ping命令拿到網(wǎng)址的IP
過濾表達式的規(guī)則
| 協(xié)議過濾 | 比如TCP,只顯示TCP協(xié)議 |
| IP 過濾 | 比如 ip.src ==192.168.1.102 顯示源地址為192.168.1.102,ip.dst==192.168.1.102,目標(biāo)地址為192.168.1.102 |
| 端口過濾 | tcp.port ==80, 端口為80的; tcp.srcport == 80, 只顯示TCP協(xié)議的愿端口為80的 |
| Http模式過濾 | http.request.method==”GET”, 只顯示HTTP GET方法的 |
| 邏輯運算符 | AND/ OR |
常用的過濾表達式
| http | 只查看HTTP協(xié)議的記錄 |
| ip.src ==192.168.1.102 | 過濾源ip地址是192.168.1.102 |
| ip.dst==192.168.1.102 | 過濾目標(biāo)ip地址是192.168.1.102 |
| ip.src ==192.168.1.102 or ip.dst==192.168.1.102 | 源地址或者目標(biāo)地址是192.168.1.102 |
| http.request.method==”GET” | 過濾get請求 |
| http.request.method==”POST” | 過濾post請求 |
| http.request.method==”GET” and ip.dst==192.168.1.102 |
Wireshark抓包實戰(zhàn)
抓取某新聞客戶端的數(shù)據(jù)
注意事項
- 在抓取數(shù)據(jù)之前先清除緩存,緩存會影響抓包
過濾get請求
通過ping命令獲取新聞數(shù)據(jù)的目標(biāo)IP地址,封包信息中網(wǎng)址帶有163可能就是新聞客戶端的url
拿到目標(biāo)IP地址,就可以通過目標(biāo)IP地址過濾數(shù)據(jù)
用瀏覽器打開抓到的url,即可得到新聞的數(shù)據(jù)
http://c.m.163.com/nc/article/list/T1467284926140/0-20.html
新聞分類tid
url組織形式http://c.m.163.com/nc/article/list/tid/startindex-count.html
其中tid是新聞類別的id,startindex是數(shù)據(jù)的起始索引,count是新聞數(shù)據(jù)的條數(shù)
- 體育T1348649079062
- 頭條T1467284926140
- 娛樂T1348648517839
- 要聞T1348647909107
新聞Tab標(biāo)簽
http://c.m.163.com/nc/topicset/android/subscribe/manage/listspecial.html
{"tList": [{"template": "normal1","topicid": "0001899N","hasCover": false,"weburl": "http://www.163.com/","alias": "Top News","subnum": "3.2萬","recommendOrder": 0,"isNew": 0,"hashead": 1,"img": "","isHot": 0,"hasIcon": false,"cid": "C1348646712614","recommend": "0","headLine": true,"hasAD": 1,"color": "","bannerOrder": 0,"tname": "頭條","ename": "androidnews","showType": "comment","special": 0,"tid": "T1348647909107","ad_type": 1},{"template": "normal1","topicid": "0001899N;000187QQ","hasCover": false,"alias": "yaowenspecial","subnum": "10.6萬","recommendOrder": 0,"isNew": 0,"hashead": 1,"img": "","isHot": 0,"hasIcon": false,"cid": "C1348647991705","recommend": "0","headLine": false,"hasAD": 1,"color": "","bannerOrder": 0,"tname": "要聞","ename": "yaowenspecial","showType": "comment","special": 0,"tid": "T1467284926140","ad_type": 1},{"template": "recommend","topicid": "00037VVH","hasCover": false,"weburl": "http://ent.163.com/","alias": "Entertainment","subnum": "超過1000萬","recommendOrder": 120,"isNew": 0,"hashead": 1,"img": "T1348648517839","isHot": 0,"hasIcon": true,"cid": "C1348648351901","recommend": "1","headLine": false,"hasAD": 1,"color": "","bannerOrder": 0,"tname": "娛樂","ename": "yule","showType": "comment","special": 0,"tid": "T1348648517839","ad_type": 1}] }json數(shù)據(jù)中的tid即為上文中的新聞類別id
新聞詳情頁
http://c.m.163.com/nc/article/docid/full.html
https://c.m.163.com/news/a/docid.html
例如:http://c.m.163.com/nc/article/CG4A99320001899O/full.html
其中CG4A99320001899O是docid,如圖所示
總結(jié)
以上是生活随笔為你收集整理的Wireshark网络抓包实践的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Android RecyclerView
- 下一篇: 自定义控件:下拉刷新